diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index e009286dc..0df7ae611 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -18458,6 +18458,248 @@ done: } #endif /* WOLFSSL_TEST_CERT */ +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(HAVE_ED25519_KEY_IMPORT) +static int ed25519ctx_test(void) +{ + byte out[ED25519_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify; +#endif /* HAVE_ED25519_VERIFY */ + ed25519_key key; + + static const byte sKeyCtx[] = { + 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, + 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, + 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, + 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 + }; + + static const byte pKeyCtx[] = { + 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, + 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, + 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, + 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 + }; + + static const byte sigCtx1[] = { + 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, + 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, + 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, + 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, + 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, + 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, + 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, + 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d + }; + + static const byte sigCtx2[] = { + 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3, + 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a, + 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5, + 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4, + 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d, + 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54, + 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68, + 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d + }; + + static const byte msgCtx[] = { + 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, + 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 + }; + + static const byte contextCtx[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key) != 0) + return -9020; + + if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)) != 0) + return -9021; + + if (XMEMCMP(out, sigCtx1, 64)) + return -9022; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, + &key, contextCtx, sizeof(contextCtx)) != 0 || + verify != 1) + return -9023; +#endif + + if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL, + 0) != 0) + return -9025; + + if (XMEMCMP(out, sigCtx2, 64)) + return -9026; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, + &key, NULL, 0) != 0 || verify != 1) + return -9027; +#endif + + wc_ed25519_free(&key); + + return 0; +} + +static int ed25519ph_test(void) +{ + byte out[ED25519_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify; +#endif /* HAVE_ED25519_VERIFY */ + ed25519_key key; + + static const byte sKeyPh[] = { + 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, + 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, + 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, + 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 + }; + + static const byte pKeyPh[] = { + 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, + 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, + 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, + 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf + }; + + static const byte sigPh1[] = { + 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a, + 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80, + 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76, + 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41, + 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35, + 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa, + 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a, + 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06 + }; + + static const byte sigPh2[] = { + 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, + 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, + 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, + 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, + 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, + 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, + 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, + 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e + }; + + static const byte msgPh[] = { + 0x61,0x62,0x63 + }; + + /* SHA-512 hash of msgPh */ + static const byte hashPh[] = { + 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + }; + + static const byte contextPh2[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key) != 0) { + return -9030; + } + + if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, + 0) != 0) { + return -9031; + } + + if (XMEMCMP(out, sigPh1, 64)) + return -9032; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, NULL, 0) != 0 || + verify != 1) { + return -9033; + } +#endif + + if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)) != 0) { + return -9035; + } + + if (XMEMCMP(out, sigPh2, 64)) + return -9036; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, contextPh2, sizeof(contextPh2)) != 0 || + verify != 1) { + return -9037; + } +#endif + + if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, + 0) != 0) { + return -9041; + } + + if (XMEMCMP(out, sigPh1, 64)) + return -9042; + +#if defined(HAVE_ED25519_VERIFY) + if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, NULL, 0) != 0 || + verify != 1) { + return -9043; + } +#endif + + if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)) != 0) { + return -9045; + } + + if (XMEMCMP(out, sigPh2, 64)) + return -9046; + +#if defined(HAVE_ED25519_VERIFY) + if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)) != 0 || + verify != 1) { + return -9047; + } +#endif + + wc_ed25519_free(&key); + + return 0; +} +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + int ed25519_test(void) { int ret; @@ -18531,20 +18773,6 @@ int ed25519_test(void) static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; - static const byte sKeyCtx1[] = { - 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, - 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, - 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, - 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 - }; - - static const byte sKeyPh1[] = { - 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, - 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, - 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, - 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 - }; - static const byte pKey1[] = { 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, @@ -18598,22 +18826,6 @@ int ed25519_test(void) static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; - - static const byte pKeyCtx1[] = { - 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, - 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, - 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, - 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 - }; - - static const byte pKeyPh1[] = { - 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, - 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, - 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, - 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf - - }; - static const byte sig1[] = { 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, @@ -18684,28 +18896,6 @@ int ed25519_test(void) static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; - static const byte sigCtx1[] = { - 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, - 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, - 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, - 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, - 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, - 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, - 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, - 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d - }; - - static const byte sigPh1[] = { - 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a, - 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80, - 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76, - 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41, - 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35, - 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa, - 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a, - 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06 - }; - static const byte msg1[] = {0x0 }; static const byte msg2[] = {0x72}; static const byte msg3[] = {0xAF,0x82}; @@ -18850,19 +19040,6 @@ int ed25519_test(void) 0 /*sizeof(msg1)*/, sizeof(msg4) }; - - static const byte msgCtx1[] = { - 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, - 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 - }; - - static const byte msgPh1[] = { - 0x61,0x62,0x63 - }; - - static const byte contextCtx1[] = { - 0x66,0x6f,0x6f - }; #ifndef NO_ASN static byte privateEd25519[] = { 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, @@ -18981,63 +19158,13 @@ int ed25519_test(void) #endif /* HAVE_ED25519_VERIFY */ } - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeyCtx1, ED25519_KEY_SIZE, pKeyCtx1, - sizeof(pKeyCtx1), &key) != 0) - return -9020; + ret = ed25519ctx_test(); + if (ret != 0) + return ret; - if (wc_ed25519ctx_sign_msg(msgCtx1, sizeof(msgCtx1), out, &outlen, &key, - contextCtx1, sizeof(contextCtx1)) != 0) - return -9021; - - if (XMEMCMP(out, sigCtx1, 64)) - return -9022; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx1, sizeof(msgCtx1), &verify, - &key, contextCtx1, sizeof(contextCtx1)) != 0 || - verify != 1) - return -9023; - - /* test verify on bad msg */ - out[outlen-1] = out[outlen-1] + 1; - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx1, sizeof(msgCtx1), &verify, - &key, contextCtx1, sizeof(contextCtx1)) == 0 || - verify == 1) - return -9024; -#endif - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeyPh1, ED25519_KEY_SIZE, pKeyPh1, - sizeof(pKeyPh1), &key) != 0) - return -9025; - - if (wc_ed25519ph_sign_msg(msgPh1, sizeof(msgPh1), out, &outlen, &key, NULL, - 0) != 0) - return -9026; - - if (XMEMCMP(out, sigPh1, 64)) - return -9027; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh1, sizeof(msgPh1), &verify, - &key, NULL, 0) != 0 || - verify != 1) - return -9028; - - /* test verify on bad msg */ - out[outlen-1] = out[outlen-1] + 1; - if (wc_ed25519ph_verify_msg(out, outlen, msgPh1, sizeof(msgPh1), &verify, - &key, NULL, 0) == 0 || - verify == 1) - return -9029; -#endif + ret = ed25519ph_test(); + if (ret != 0) + return ret; #ifndef NO_ASN /* Try ASN.1 encoded private-only key and public key. */